8 matches found
WordPress BP Group Documents plugin <= 1.10 Authenticated Document Modification vulnerability
WordPress BP Group Documents plugin Authenticated Document Modification vulnerability exists in the function dopostlogic, in the file /include/templatetags.php. If user has a capability to edit one document, he also can edit all other documents. Solution Update the plugin...
Wordpress BP Group Documents Plugin 1.2.1 - Multiple Vulnerabilities
No description provided by source...
GNUpanel 0.3.5_R4 Cross Site Request Forgery / Cross Site Scripting
Exploit Title :GNUpanel 0.3.5R4 - Multiple Vulnerabilities Vendor Homepage :http://wp.geeklab.com.ar/gl-en/gnupanel/ GNUPanel Version :0.3.5R4 Server :Centos 6.4 Exploit Author :Necmettin COSKUN =@babayarisi Blog :http://www.ncoskun.com http://www.grisapka.org Discovery date :03/11/2014 CVE :N/A...
Wordpress BP Group Documents Plugin 1.2.1 - Multiple Vulnerabilities
Stored XSS vulnerability in BP Group Documents 1.2.1 Description ================ Stored XSS vulnerability in BP Group Documents 1.2.1 Vulnerability ================ “Display name” and “Description” fields are not escaped, meaning any tags including script tags can be stored in them. Proof of...
WordPress BP Group Documents Plugin 1.2.1 - Multiple Vulnerabilities
BP Group Documents plugin is prone to multiple vulnerabilities. 1. Stored XSS - “Display name” and “Description” fields are not escaped. It means that any tags can be stored in them. 2. Cross-site request forgery - the fields are vulnerable and an unauthenticated user can logged in user to edit a...
WordPress BP Group Documents多个漏洞
WordPress是一款内容管理系统。 WordPress BP Group Documents“显示名称”和“描述”字段存在存储型跨站脚本漏洞,跨站请求伪造和文件移动漏洞。 0 BP Group Documents 1.2.1 厂商补丁: WordPress ----- WordPress 1.2.2版本以修复此漏洞,建议用户下载使用: http://wordpress.org/plugins/bp-group-documents/ Stored XSS ================ Go to the upload form, select a document to uploa...
WordPress Plugin BP Group Documents 1.2.1 - Multiple Vulnerabilities
WordPress Plugin BP Group Documents 1.2.1 - Multiple Vulnerabilities Details ================ Software: BP Group Documents Version: 1.2.1 Homepage: http://wordpress.org/plugins/bp-group-documents/ CVSS: 8 High; AV:N/AC:L/Au:S/C:P/I:P/A:C Description ================ Stored XSS vulnerability in BP...
WordPress Plugin BP Group Documents 1.2.1 - Multiple Vulnerabilities
Details ================ Software: BP Group Documents Version: 1.2.1 Homepage: http://wordpress.org/plugins/bp-group-documents/ CVSS: 8 High; AV:N/AC:L/Au:S/C:P/I:P/A:C Description ================ Stored XSS vulnerability in BP Group Documents 1.2.1 Vulnerability ================ “Display name”...